So, you think that you are a pretty fly programmer who has a good idea on navigating through the many backdoors and security flaws that operating systems have? Well, why not put your knowledge to good use and earn some money while you are at it? After all, if you were to do something that you love while getting paid for it, that is the best job in the world since it would not feel as though you were working, but rather, being paid for indulging in your hobby. Nintendo has put up a minimum bounty of $100 for Nintendo 3DS owners who actually discover and report those vulnerabilities of the handheld console through the proper channels. This particular offer was posted on HackerOne.
Nintendo mentioned the following in order to get their message across to potential loophole and security backdoor adventurers:
Nintendo’s goal is to provide a secure environment for our customers so that they can enjoy our games and services. In order to achieve this goal, Nintendo is interested in receiving vulnerability information that researchers may discover regarding Nintendo’s platforms. Currently, in the context of the HackerOne program, Nintendo is only interested in vulnerability information regarding the Nintendo 3DS™ family of systems and is not seeking vulnerability information regarding other Nintendo platforms, network service, or server-related information.
The reason as to why Nintendo has decided to embark on this effort is to shore up the security of its Nintendo 3DS (and we would presume, any future generation handheld consoles) in order to prevent the likes of application dumping, game copying, game modifications, save modifications, not to mention the “dissemination of inappropriate content to children.”
While it is better late than never, at least something is being done about it. Like I mentioned, it could be because Nintendo only thought to do something about it now as opposed to before, and would like to take this knowledge gathered in moving forward with whatever future handheld consoles that they roll out. After all, the Nintendo 3DS has already been made available to access for both hackers and homebrew users, and this half a dozen year old platform is not going to have too long a shelf life left. In addition, with the Nintendo Switch’s upcoming release some time early next year, the Nintendo 3DS is slowly but surely being sidelined to the edge of obsolescence.
Perhaps the hacking community might want to take up this challenge just as a side role where they can earn some money to purchase a couple of games with each successful report of a security loophole or backdoor. As for the results of this “invitation” from Nintendo, it would be interesting to see just how many security flaws are discovered. Even if there were a number of such loopholes found, would the folks over at Nintendo announce them and subsequently, release an update or firmware patch for the ageing Nintendo 3DS?
We would adopt a wait and see attitude, but at the end of the day, the Nintendo 3DS is pretty secure for a gaming platform, and no one is going to hack your Zelda or Mario character or save game just for fun -- if it were possible in the first place, that is.